Category Archives: jailbreak

iPhone experts Steven Troughton-Smith and chpwn seem to have just gotten the iPhone 4S-only Siri working on jailbroken iPhone 4 and current-gen iPod touch units this evening. This bypasses earlier authentication issues. They tweeted their success and posted a screen shot showing Siri working via Wi-Fi (the Airplane Mode icon just means that 3G is turned off; it is possible to turn Wi-Fi back on even in Airplane Mode, which is what they did).

Their success comes just weeks after the iPhone 4S debuted. Apple's back-end systems check for iPhone 4S devices before processing Siri queries, and they managed to work around this limitation. The hack is based on moving compiled code components from a 4S to the older units.

In an interview with 9to5Mac, Troughton-Smith recounts that the Siri transplant was about a 20-step process, and that it does require access to a jailbroken iPhone 4S to work. He has no intention of releasing the mod to the public; this is a proof-of-concept only.

It's been ten days since Siri hit the scene and the virtual assistant is in the process of being torn apart by the hacking community. Siri, as it exists on the iPhone 4S, has been ported to the iPhone 4 and now the iPad 1. Developer Steven Troughton-Smith, who worked on the iPhone 4 port, has shared his progress with @jackoplane who has successfully ported the app to the iPad 1. Several images of Siri running on the tablet device document this achievement.

Unfortunately, neither the iPhone 4 nor the iPad port is fully functional at this point. Siri still needs to connect to Apple's servers to work and the servers are configured to accept requests only from the iPhone 4S. Potentially, these devices could be spoofed to look like an iPhone 4S which could open this functionality to jailbroken devices.

Jailbreaking and porting may be the only solution for owners of older hardware who want Siri on their iOS devices. It's doubtful that Apple will bring Siri to the iPad 1 or the iPhone 3GS. Apple may not want to support this older hardware and these models may also lack the processing power required for the voice assistant. But as some of you pointed out in one of our latest "You're The Pundit" posts, Apple could decide to bring Siri to the iPhone 4 and the iPad 2 once it comes out of beta.

Most iPhone and iPad users are perfectly happy with the software on the device as it is shipped by Apple.

A minority, however, prefer to open up their devices. By doing this, they can:

* Run applications and extensions not approved by Apple.

* Download software from alternative appstores, without tying those downloads to an Apple account.

* Access all the files and configuration data on their device directly, in order better to understand and secure it.

Liberating your device sounds like a great idea, but this behaviour has been stigmatised amongst corporate users.

Firstly, the action of removing artificial security restrictions is known as "jailbreaking," making it sound like a doubly-dangerous criminal act. (Since only crooks are supposed to be in jail in the first place, jailbreakers are not only criminals, but recidivists to boot.)

Secondly, jailbreaking opens up the less security-savvy user to additional risks. Some jailbreakers don't take on the additional responsibility which goes with the increased power over their device. That's how the now-infamous iPhone viruses Ikee and Duh were able to spread.

Thirdly, jailbreaking isn't supposed to be possible. So every jailbreak relies on you exploiting a software vulnerability to escape from Apple's artificial strictures. That means you have to trust the creators of the jailbreak not to abuse the exploit you're choosing to run against your device.

The flipside, of course, is that those who don't jailbreak their phones are trusting Apple not to leave the sort of exploitable hole that would permit crooks to break into the internals of their device.

And Apple hasn't been terribly trustworthy on that score. Despite a solid commercial reason for keeping its devices secure - namely, that an unjailbroken device can only shop at the Apple AppStore - few of Apple's operating system versions stay safe for very long.

Early in July, the JailbreakMe site published an automated, on-line method for opening recent iDevices running iOS 4.3.3.

(The jailbreakers also provided a patch by which you could close the remotely exploitable hole, for your own safety, after jailbreaking.)

Apple, to its credit, caught up within two weeks with an iOS update to version 4.3.4, closing the hole used by JailbreakMe.

But the jailbreakers claim to be back in already. By all reports, the latest jailbreak doesn't work for iPad2 users, and it can't be done simply by visiting a website.

You need to plug your device in to a computer, in what's called a "tethered" jailbreak, and you need to re-jailbreak it every time you reboot.

With this in mind, the tricky question becomes, "Whom should I trust more: Apple or the jailbreakers?"

I can't answer that question - and if your iDevice is provided by your company, you shouldn't try to answer it by yourself.

Perhaps the best way to approach the issue is to rephrase it more equivocally, in the manner of Google, which sets out not to be evil, rather than actually to be good.

So, if you're thinking of jailbreaking, ask yourself, "Do I distrust the jailbreakers?" If not, then jailbreaking may be for you. Just be sure to read all the security guidelines associated with the process, and be sure you have the explicit permission of the owner of the device.

The updated version for all but the Verizon iPhone is version 4.3.4, while Verizon customers can update to 4.2.9. To update, just open iTunes, check for updates and plug in your phone/MP3 player/tablet.

This raises one of my big pet peeves with Apple products. Why do I have to tether to update? Oh! I see you will have that feature in iOS 5? I guess I will stay vulnerable until I happen to be in the same city as my copy of iTunes...

Two of the fixes are for font handling issues in PDFs that allow for remote code execution (RCE). The third fix is in the graphics handling code and can be exploited to allow for elevation of privilege (EoP).

It appears the JailBreakMe.com hack used at least two of the three flaws to jailbreak the iDevices. It initially downloaded a PDF to gain the ability to run arbitrary code and then sent down a PNG file that elevated itself to root to perform the jailbreak.

If your phone is not jailbroken, I recommend updating as soon as possible. If you have jailbroken your device you will need to decide if you wish to trust the unofficial "patch" on Cydia and stay jailbroken, or if you should join the herd and go with Apple.